Washington: A new wave of cyber attacks is striking American corporations. Officials say the attackers' aim is not espionage but sabotage, and the source seems to be the Middle East.

The targets have primarily been energy companies, and the attacks appeared to be probes looking for ways to seize control of processing systems. Two senior US administration officials said they were not certain from where the attacks were coming or whether they were state-sponsored or the work of hackers or criminals.

The likely targets in the US, including mobile phone networks and electric utility grids, are in private rather than government hands.

"We are concerned by these intrusions, and we are trying to make sure they don't lead to something much bigger, as they did in the Saudi case," said one senior American official. He was referring to the attack last year that affected 30,000 computers at Saudi Aramco, one of the world's largest oil producers. After lengthy investigations, American officials concluded that Iran had been behind the Saudi Aramco attack.

Another official said that in the new wave of attacks, "most everything we have seen is coming from the Middle East," but he did not say whether Iran, or another country, appeared to be the source.

Advertisement

The disclosure of the attacks was unusual because most attacks against American companies — especially those coming from China — have been attempts to obtain confidential information, steal trade secrets and gain competitive advantage. By contrast, the new attacks seek to destroy data or to manipulate industrial machinery and take over or shut down the networks that deliver energy or run industrial processes.

That kind of attack is much more like the Stuxnet worm that the US and Israel secretly used against Iran's nuclear enrichment plants several years ago to slow Iran's progress toward a nuclear weapons capability. When that covert program began, President Barack Obama, among other officials, expressed worry that its eventual discovery could prompt retaliatory attacks.

Two senior officials who have been briefed on the new intrusions say they were aimed largely at the administrative systems of about 10 major American energy firms, which they would not name. It is similar to what happened to Saudi Aramco, where a computer virus wiped data from office computers, but never succeeded in making the leap to the industrial control systems that run oil production.

According to one US official, Homeland Security officials decided to release the warning of the attacks once they saw how deeply intruders had penetrated corporate systems, including one that deals with chemical processes. In the past, the government occasionally approached individual companies it believed were under threat. Last week's warning "is an effort to make sure that the volume and timeliness of the information improves," in line with a new executive order signed by the president, one senior official said.

The warning was issued by an agency called ICS-Cert, which monitors attacks on computer systems that run industrial processes. It said the government was "highly concerned about hostility against critical infrastructure organisation," and included a link to a previous warning about Shamoon, the virus used in the Saudi Aramco attack last year. It also hinted that federal investigations were under way, referring to indications "that adversary intent extends beyond intellectual property to include use of cyber to disrupt business and control systems."

At Saudi Aramco, the virus replaced company data on thousands of computers with an image of a burning American flag. The attack prompted the defence secretary at the time, Leon Panetta, to warn of an impending "cyber 9/11" if the US did not respond more efficiently to attacks. American officials have since concluded the attack and a subsequent one at RasGas, the Qatari energy company, were the work of Iranian hackers.

Saudi Aramco said that while the attackers had attempted to penetrate its oil production systems, they had failed because the company maintained a separation between employees' administrative computers and the computers used to control and monitor production. RasGas said the attack on its computers had failed for the same reason.

But there are no clear standards for computer security, and the Homeland Security warning urged companies to take steps many computer professionals already advise. The suggestions were for "things most everyone should be doing on an everyday basis," said Dan McWhorter, the managing director of threat intelligence at Mandiant Corp. His company conducted a study this year that identified a specific unit of the Chinese army as the source of attacks on American businesses and government organisations.

Still, the warning underscored that most of the likely targets in the US, including mobile phone networks and electric utility grids, are in private rather than government hands.

For the past four years, the Department of Homeland Security has said it needs to expand its cybersecurity force by as many as 600 hacking specialists to keep pace with the rising number of threats. But in the past four months, the department has been grappling with an exodus of top officials, including Jane Holl Lute, the agency's deputy secretary; Mark Weatherford, the department's top cybersecurity official; Michael Locatis, the assistant secretary for cybersecurity; and Richard Spires, the agency's chief information officer, all of whom resigned.